Global Tips

Protecting Your Organization From Business Email Compromise

By Saul Howerton

Multinationals are attractive targets for fraudsters who specialize in business email compromise (BEC). The practice involves deceiving business people through phishing or social engineering tactics, usually in order to steal money, but sometimes to gain access to private information.

BEC is a serious and growing problem. According to the U.S. Federal Bureau of Investigation’s Internet Crime Complaint Center, BEC has increased by 1,300% since 2015, with losses totaling more than $3 billion.

Thieves know multinationals have deep pockets and a dispersed workforce where many people never connect face to face, ensuring they won’t question transactions at the water cooler. In addition, local cybercriminals have an established pattern of gradually taking their scams to the global stage, security experts say. The global economy may also connect multinationals to regional criminals they wouldn’t otherwise encounter.

To stop BEC scammers, you need to understand how they operate. The phony invoice is one of the most common ploys to watch out for.

In this scam, criminals comb through news reports, business filings, and social media sites to learn about a company and its executives, partners, and suppliers. They then purchase a “spoofing” web domain similar to a regular supplier’s web domain (say, “ipartssupplies.com” instead of “ipartsupplies.com”) and send an email to a specific person they’ve targeted at the company, usually someone in finance. The email attaches an invoice and directs the recipient to wire payment to a bank account.

Saul Howerton manages Radius’ global advisory team, which includes experts in HR, global and U.S. tax, global mobility, corporate governance, and legal-related matters. He joined Radius in 2008 and has more than 15 years of experience providing advice on global operations and finance. Prior to Radius, he worked as a senior P&L analyst at Intel Corporation.